nixos/hardened: don't set vm.unprivileged_userfaultfd
Upstreamed in anthraxx/linux-hardened@a712392b88.
parent
cc28d51237
commit
84f258bf09
|
@ -108,7 +108,4 @@ with lib;
|
|||
# Ignore outgoing ICMP redirects (this is ipv4 only)
|
||||
boot.kernel.sysctl."net.ipv4.conf.all.send_redirects" = mkDefault false;
|
||||
boot.kernel.sysctl."net.ipv4.conf.default.send_redirects" = mkDefault false;
|
||||
|
||||
# Restrict userfaultfd syscalls to processes with the SYS_PTRACE capability
|
||||
boot.kernel.sysctl."vm.unprivileged_userfaultfd" = mkDefault false;
|
||||
}
|
||||
|
|